Overview

Using two-factor authentication (2FA) is a requirement for UWF Gmail accounts. To avoid losing access to your account, we recommend establishing multiple methods of verification. 

Instructions

Step 1

Go to Gmail.com and log in to your UWF Gmail account

Note: If you're already logged into a personal Gmail account, logout and login with your UWF email account.

Step 2

Go to Google's 2-Step Verification Enrollment page. 

Click your avatar at the top right and confirm that your UWF Gmail address is shown:

Google Account icon, Gmail address

Step 3

You should see your options for 2FA.  The more commonly used 2FA options are

  • Authenticator app
    • UWF employees are required to use the Duo mobile app to secure other key UWF services. These employees can use Duo's rolling code feature to secure their Gmail accounts too, instead of using Google's Authenticator app.  Visit Duo's Third-Party Accounts help article to learn more.
  • Voice or text message
  • Google prompts
  • Backup codes (ALWAYS RECOMMENDED)
    • If you choose this option, then ensure that you also download your backup codes and store them in a safe and secure place.

Ensure that you have at least two of these options enabled. This way, if your default 2FA option is unavailable/not working, then you can use your backup 2FA option.

Going forward

For example, let's say you have the Authenticator app configured as your default 2FA option, and Voice or text message as your backup 2FA option.  When you visit 2-Step Verification for your Gmail account, it'll look something like this:

multiple 2fa enabled for account

Now let's say you got a new smartphone, and you're trying to log in to Gmail.  The Authenticator app likely won't work for you at first (because this app is configured per device).  But since you also configured Voice or text message as your backup 2FA option, and assuming your phone number stayed the same, then all you would have to do is 

1. Click Try another way.

Two-Factor Prompt

2. Click Get a verification code at (•••) •••-••••.

Phone Prompt

3. Type in the 6-digit verification code that Google texted to your phone, then click Next.

Place to enter the code

4. You're now logged in!

If you actually encounter this scenario, then after you get logged in, you should review your 2FA options and add any additional options you think are necessary.

Keep in mind that you can always contact the ITS Help Desk if you get locked out of your university email account.

What options are available to employees who do not wish to use a personal device for authentication?

There are multiple ways to secure your account without having to use a personal device. However, each option comes with pros and cons.

With the exception of using a Security Key, a default 2FA method (phone number or security key) MUST be added. If you do not wish to use a personal cellphone, we recommend setting up your office phone as your default option before setting up the following methods. 


  • Department will need to purchase a security key based on how the key will be used.

      • Security Key NFC by Yubico - Sufficient for individuals who will be using the security key with their UWF Gmail accounts ONLY.
      • YubiKey 5 - For individuals who will use the security key with BOTH their UWF Gmail accounts, and services protected by Duo (such as Banner, remoting into a UWF on-campus computer, and UWF VPN). 
  • Security Key can be kept on your person if traveling.
  • Can be used on most computer and mobile devices.
  • If the Security Key is unavailable, you will not be able to access the account unless an additional 2FA method (e.g., Office Phone, Backup Codes) was enabled.
  • Simple to setup.
  • You will receive a phone call with a code when prompted by Google. 
  • Cannot be used if you do not have access to your office phone.
  • A default 2FA (phone, push notification, security key) must be setup with the account in order to use backup codes.
  • Can be printed off and taken with you if traveling.
  • Codes can only be used once before a new code needs to be used. 
  • Only 10 codes can be active at one time. 
  • Backup codes can be lost if not properly stored. 
  • A default 2FA (phone, push notification, security key) must be setup with the account.
  • Can be kept within the department when access is needed.
  • Additional setup with Google Authenticator mobile app is required.

Do I have to authenticate with 2-Step Verification every time I login to Gmail or a Google service?

If you're using a computer or device you trust, you can select "Don't ask again on this device". After selecting this setting and signing in, you will no longer be asked to authenticate using a 2nd factor on that device while using the same browser unless your cookies or web cache are cleared. Never select this option while using a shared or public computer. With this setting enabled, it's easy to forget that you have 2-Step Verification enabled.  Keep in mind that you'll be prompted for verification when signing into a different device. It's highly recommended to save backup codes for emergencies and establish multiple authentication factors (SMS, App push, authenticator app, back-up codes).

Additional documentation

On this page

  • No labels